aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* eap-radius: use IKE_SA unique id instead of peer identity to manage virtual IPsMartin Willi2013-05-063-34/+100
| | | | Fixes some corner cases if multiple tunnels use the same peer identity.
* Don't unset IKE_SA on bus before we released virtual IPs and attributesMartin Willi2013-05-061-10/+8
|
* New Android release after adding AES-GCM, IPv6-in-IPv4 and using kernel-netlinkTobias Brunner2013-05-031-2/+2
| | | | | | | | libipsec now supports AES-GCM, IPv6 tunnels over IPv4 are supported, native x86 libraries are built (requires a new Vstr build script). Also, the existing kernel-netlink plugin now provides the kernel-net implementation, which should be more stable in case multiple interfaces are up and have IP addresses installed on them.
* libipsec: Fix memory leak in event relayTobias Brunner2013-05-031-0/+1
|
* android: Use stronger ESP proposal including AES-GCMTobias Brunner2013-05-031-0/+6
|
* libipsec: Add support for AES-GCMTobias Brunner2013-05-031-3/+45
|
* libipsec: Wrap traditional algorithms in AEAD wrapperTobias Brunner2013-05-033-110/+91
|
* android: Remove unused methods on NetworkManager/network_manager_tTobias Brunner2013-05-033-177/+1
|
* android: Ignore interface 'lo'Tobias Brunner2013-05-031-2/+4
| | | | | Android adds a default route via 'lo' if no connectivity is available causing charon to send packets via lo and triggering DPD.
* android: Repurpose android-net to simply handle connectivity eventsTobias Brunner2013-05-033-59/+34
| | | | | | Using the events by NetworkManager/ConnectivityManager to trigger roam events instead of the events generated by the kernel-netlink plugin the noise level is much lower.
* kernel-netlink: Add an option to disable roam eventsTobias Brunner2013-05-032-1/+16
|
* android: Replace android-net plugin with kernel-netlinkTobias Brunner2013-05-032-3/+8
| | | | | Virtual IPs are not handled by the kernel-netlink plugin and tun devices are ignored.
* android: Set strongswan.conf options before initializing other librariesTobias Brunner2013-05-031-36/+44
|
* kernel-netlink: Define defaults for routing table and prioTobias Brunner2013-05-031-0/+8
|
* openssl: Define a default for FIPS_MODETobias Brunner2013-05-031-0/+4
|
* In memwipe_check(), don't put magic on stack when calling do_magic()Martin Willi2013-05-031-3/+3
| | | | Otherwise the magic might be on the stack while checking it.
* Dump stack if memwipe() check failsMartin Willi2013-05-031-3/+19
|
* Use attest database in tnc/tnccs-20-os scenario5.0.4Andreas Steffen2013-04-216-2/+268
|
* fixed a 64bit time_t issueAndreas Steffen2013-04-211-3/+4
|
* destroy SQL queryAndreas Steffen2013-04-211-0/+1
|
* Keep last AR IDAndreas Steffen2013-04-211-0/+2
|
* Added use of openssl-fips library to NEWSAndreas Steffen2013-04-191-0/+2
|
* check for successful activation of FIPS modeAndreas Steffen2013-04-191-1/+4
|
* install FIPS-aware OpenSSL Debian packagesAndreas Steffen2013-04-191-18/+5
|
* Added openssl-ikev2/rw-cpa scenarioAndreas Steffen2013-04-1929-0/+472
|
* build openssl-fips in KVM root-imageAndreas Steffen2013-04-195-0/+49
|
* fixed typoAndreas Steffen2013-04-191-1/+1
|
* During libstrongswan initialization, check if memwipe() works as expectedMartin Willi2013-04-181-1/+51
|
* added libstrongswan.plugins.openssl.fips_mode to man pageAndreas Steffen2013-04-161-0/+3
|
* support of OpenSSL FIPS-140-2 libraryAndreas Steffen2013-04-163-1/+21
|
* build soup plugin in KVM test environmentAndreas Steffen2013-04-152-1/+2
|
* disable reauth, tooAndreas Steffen2013-04-151-1/+2
|
* Fix checksum calculation with DESTDIR installationsTobias Brunner2013-04-151-1/+1
|
* version bump to 5.0.4Andreas Steffen2013-04-142-1/+21
|
* Added charon.initiator_only option which causes charon to ignore IKE ↵Andreas Steffen2013-04-1424-2/+277
| | | | initiation requests by peers
* Allow SHA1_Init()/SHA1_Update() to fail if OpenSSL version >= 1.0Martin Willi2013-04-101-0/+14
|
* Check RSA_public_decrypt() length before constructing and comparing a chunkMartin Willi2013-04-101-7/+10
| | | | | If decryption fails, it returns -1. chunk_equals() should catch that error, but be more explicit in error checking.
* RSA_check_key() may return -1 if it failsMartin Willi2013-04-101-2/+2
|
* RAND_bytes/RAND_pseudo_bytes returns -1 if it is not supported by RAND methodMartin Willi2013-04-101-1/+1
|
* Check return value of ECDSA_Verify() correctlyMartin Willi2013-04-101-1/+1
|
* eap-radius: Add an option to exclude ports from Called/Calling-Station-IdMartin Willi2013-04-102-9/+37
|
* version bump to 5.0.4dr1Andreas Steffen2013-04-091-1/+1
|
* fixed another printf statementAndreas Steffen2013-04-091-3/+1
|
* fixed printf statementsAndreas Steffen2013-04-082-10/+29
|
* emit a single assig_vips bus message for all VIPsAndreas Steffen2013-04-068-62/+57
|
* ifmap plugin subscribes to assing_vip bus signalAndreas Steffen2013-04-067-2/+135
|
* Added missing sasl Doxygen groupTobias Brunner2013-04-051-0/+3
|
* unity: Check IKE_SA in only after enumerating virtual IPsTobias Brunner2013-04-051-2/+1
|
* fixed configure options5.0.3Andreas Steffen2013-04-041-0/+2
|
* cleaned up XML code in tnccs-11 pluginAndreas Steffen2013-04-0413-92/+95
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-17 11:05:05 +0000